<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-openembedded.git/meta-networking, branch scarthgap-next</title>
<subtitle>Mirror of git.openembedded.org/meta-openembedded</subtitle>
<id>https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=scarthgap-next</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=scarthgap-next'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/'/>
<updated>2025-08-02T17:37:04+00:00</updated>
<entry>
<title>libcoap: patch CVE-2024-31031</title>
<updated>2025-08-02T17:37:04+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2025-07-12T09:45:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=ba84c52d551eaeb9a642b3360fc63719abe06983'/>
<id>urn:sha1:ba84c52d551eaeb9a642b3360fc63719abe06983</id>
<content type='text'>
Pick commit [1] from [2] which fixes [3] as listed in [4].

[1] https://github.com/obgm/libcoap/commit/214665ac4b44b1b6a7e38d4d6907ee835a174928
[2] https://github.com/obgm/libcoap/pull/1352
[3] https://github.com/obgm/libcoap/issues/1351
[4] https://nvd.nist.gov/vuln/detail/CVE-2024-31031

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>open-vm-tools: fix CVE-2025-22247</title>
<updated>2025-08-02T17:37:04+00:00</updated>
<author>
<name>Hitendra Prajapati</name>
<email>hprajapati@mvista.com</email>
</author>
<published>2025-07-11T06:01:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=21e370fd3c60ef59216a7633c4bbd2356ea92a6b'/>
<id>urn:sha1:21e370fd3c60ef59216a7633c4bbd2356ea92a6b</id>
<content type='text'>
VMware Tools contains an insecure file handling vulnerability.
\xa0A malicious actor with non-administrative privileges on a
guest VM may tamper the local files to trigger insecure file
operations within that VM.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-22247

Upstream patch: Backport from https://github.com/vmware/open-vm-tools/blob/CVE-2025-22247.patch/CVE-2025-22247-1230-1250-VGAuth-updates.patch

Signed-off-by: Hitendra Prajapati &lt;hprajapati@mvista.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>mbedtls: upgrade 3.6.3.1 -&gt; 3.6.4</title>
<updated>2025-08-02T17:37:04+00:00</updated>
<author>
<name>Guðni Már Gilbert</name>
<email>gudni.m.g@gmail.com</email>
</author>
<published>2025-07-17T13:56:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=2c9126bd0dd0f62021f5db34d698489bb814ebda'/>
<id>urn:sha1:2c9126bd0dd0f62021f5db34d698489bb814ebda</id>
<content type='text'>
Fixes several security vulnerabilities:
CVE-2025-49601, CVE-2025-49600, CVE-2025-52496,
CVE-2025-47917, CVE-2025-48965, CVE-2025-52497,
and CVE-2025-49087

The framework directory has been changed into a git submodule.[1][2]
The recipe now uses Git Submodule Fetcher (gitsm)

Changelog:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.4

[1] https://github.com/Mbed-TLS/mbedtls/commit/8cf5666a174237998a7965e284d7ba8c1655d16d
[2] https://github.com/Mbed-TLS/mbedtls/commit/c90c6d8ff787ab8787d9373b0e662a95ed1f4dae

Signed-off-by: Guðni Már Gilbert &lt;gudni.m.g@gmail.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>mbedtls: upgrade 3.6.3 -&gt; 3.6.3.1</title>
<updated>2025-08-02T17:34:07+00:00</updated>
<author>
<name>Wang Mingyu</name>
<email>wangmy@fujitsu.com</email>
</author>
<published>2025-07-17T13:56:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=6dedea42620332987d92044a7e8c8e85fa07c107'/>
<id>urn:sha1:6dedea42620332987d92044a7e8c8e85fa07c107</id>
<content type='text'>
Signed-off-by: Wang Mingyu &lt;wangmy@fujitsu.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>postfix: fix rootfs file difference</title>
<updated>2025-08-02T17:13:14+00:00</updated>
<author>
<name>Jinfeng Wang</name>
<email>jinfeng.wang.cn@windriver.com</email>
</author>
<published>2025-07-16T05:17:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=fb6424156ae87693f8cd2294e9ecb2345a0ac2ae'/>
<id>urn:sha1:fb6424156ae87693f8cd2294e9ecb2345a0ac2ae</id>
<content type='text'>
Rootfs file differs with the same project configure, add preliminary
setting to avoid this.

Signed-off-by: Jinfeng Wang &lt;jinfeng.wang.cn@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>proftpd: Fix CVE-2023-51713</title>
<updated>2025-08-02T17:13:06+00:00</updated>
<author>
<name>Vijay Anusuri</name>
<email>vanusuri@mvista.com</email>
</author>
<published>2025-06-06T06:20:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=1e80bb4b03820c2c0234936387b2c594cfecc2f8'/>
<id>urn:sha1:1e80bb4b03820c2c0234936387b2c594cfecc2f8</id>
<content type='text'>
Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/97bbe68363ccf2de0c07f67170ec64a8b4d62592

Link: https://git.openembedded.org/meta-openembedded/commit/?h=kirkstone&amp;id=730e44900a0a86265bad93a16b5a5ff344a07266

Signed-off-by: Vijay Anusuri &lt;vanusuri@mvista.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>tcpreplay: fix CVE-2024-22654</title>
<updated>2025-07-11T00:13:26+00:00</updated>
<author>
<name>Archana Polampalli</name>
<email>archana.polampalli@windriver.com</email>
</author>
<published>2025-06-03T15:48:44+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=4a58c213346ff3dc04624328d3fad1d244047714'/>
<id>urn:sha1:4a58c213346ff3dc04624328d3fad1d244047714</id>
<content type='text'>
tcpreplay v4.4.4 was discovered to contain an infinite loop via the tcprewrite function at get.c.

Signed-off-by: Archana Polampalli &lt;archana.polampalli@windriver.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>wireshark: upgrade 4.2.9 -&gt; 4.2.12</title>
<updated>2025-07-11T00:05:56+00:00</updated>
<author>
<name>Vijay Anusuri</name>
<email>vanusuri@mvista.com</email>
</author>
<published>2025-06-09T06:44:26+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=6885bcddd4265c325d9b383e010c541dd272899a'/>
<id>urn:sha1:6885bcddd4265c325d9b383e010c541dd272899a</id>
<content type='text'>
releasenote:
https://www.wireshark.org/docs/relnotes/wireshark-4.2.12.html
https://www.wireshark.org/docs/relnotes/wireshark-4.2.11.html
https://www.wireshark.org/docs/relnotes/wireshark-4.2.10.html

Includes security fix CVE-2025-5601

License-Update: Update GPL copies for FSF no longer having an address
Link: https://github.com/wireshark/wireshark/commit/18e4db97c424c11cb26fa7fef97b95dd3d001bb1

The 4.2.9 was not longer available at the original SRC_URI.
At the new SRC_URI all version of the wireshark releases are available.

Signed-off-by: Vijay Anusuri &lt;vanusuri@mvista.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>chrony: use inherit_defer for conditional inherit of useradd</title>
<updated>2025-06-23T20:57:53+00:00</updated>
<author>
<name>Clayton Casciato</name>
<email>majortomtosourcecontrol@gmail.com</email>
</author>
<published>2025-05-23T03:16:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=40c9f33ad292e3b418a56132582c3970381fcecb'/>
<id>urn:sha1:40c9f33ad292e3b418a56132582c3970381fcecb</id>
<content type='text'>
[ Upstream commit 63df976d8eec0fa714e8da30f4333f8af23c57d3 ]

conditionnal inherit is missed when PACKAGECONFIG privdrop is
activated after this inherit, eg in .bbappend.

Signed-off-by: Andreas Fenkart &lt;afenkart@gmail.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
Signed-off-by: Clayton Casciato &lt;majortomtosourcecontrol@gmail.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>proftpd: Fix CVE-2024-57392</title>
<updated>2025-05-21T13:17:27+00:00</updated>
<author>
<name>Vijay Anusuri</name>
<email>vanusuri@mvista.com</email>
</author>
<published>2025-05-07T12:55:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=491671faee11ea131feab5a3a451d1a01deb2ab1'/>
<id>urn:sha1:491671faee11ea131feab5a3a451d1a01deb2ab1</id>
<content type='text'>
Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/981a37916fdb7b73435c6d5cdb01428b2269427d

Signed-off-by: Vijay Anusuri &lt;vanusuri@mvista.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
</feed>
